USG FLEX H Series User’s Guide
CHAPTER 20
IPS
20.1 Overview
This chapter introduces packet inspection IPS (Intrusion Prevention System), custom signatures, and
updating signatures. An IPS system can detect malicious or suspicious packets and respond
instantaneously by rejecting or dropping the packets. The Zyxel Device IPS protects your network against
network-based intrusions.
20.1.1 What You Can Do in this Chapter
• Use the Security Service > IPS screen (Section 20.2 on page 303) to view registration and signature
information.
• Use the Security Service > IPS > Allow List screen (Section 20.3 on page 310) to list signatures that will
be exempted from IPS inspection.
20.1.2 What You Need To Know
Packet Inspection Signatures
A signature is a pattern of malicious or suspicious packet activity. You can specify an action to be taken
if the system matches a stream of data to a malicious signature. You can change the action in the
profile screens. Packet inspection examines OSI (Open Systems Interconnection) layer-4 to layer-7 packet
contents for malicious data. Generally, packet inspection signatures are created for known attacks
while anomaly detection looks for abnormal behavior.
Rate Based Signatures
While IPS signatures have the Zyxel Device respond instantaneously, Rate Based Signatures are IPS
signatures that allow the Zyxel Device to respond only after a number of occurrences (Count) within a
certain time period (Period) you set.
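The Count and Period behavior described above can be modeled as follows. This is an added example, not Zyxel Device code. It assumes a sliding window, per-source counting, and timestamps in seconds; the class name, function name, addresses and events are constructed for illustration.

```python
from collections import defaultdict, deque


class RateBasedSignature:
    """Model: the action fires only once `count` matches fall within `period` seconds."""

    def __init__(self, count, period):
        if count < 1 or period <= 0:
            raise ValueError("count must be >= 1 and period must be > 0")
        self.count = count
        self.period = period
        # Assumption: matches are counted separately per key (here, source address).
        self._hits = defaultdict(deque)

    def observe(self, key, ts):
        """Record one signature match at time `ts`; return True if the action fires.

        Timestamps are assumed to arrive in non-decreasing order.
        """
        window = self._hits[key]
        window.append(ts)
        # Discard matches that have aged out of the Period.
        while ts - window[0] >= self.period:
            window.popleft()
        return len(window) >= self.count


def evaluate(events, count, period):
    """Replay (timestamp, source) matches and return the fire/no-fire decision for each."""
    sig = RateBasedSignature(count, period)
    return [sig.observe(src, ts) for ts, src in events]


# Constructed sample: signature matches from two sources (documentation addresses).
EVENTS = [
    (0.0, "192.0.2.10"), (4.0, "192.0.2.10"), (5.0, "198.51.100.7"),
    (9.0, "192.0.2.10"),    # third match from this source inside 10 s
    (20.0, "192.0.2.10"),   # earlier matches have aged out, counting restarts
    (21.0, "192.0.2.10"), (22.0, "198.51.100.7"),
    (29.5, "192.0.2.10"),   # third match again inside 10 s
]

if __name__ == "__main__":
    # Rate-based: Count=3, Period=10 s. Ordinary signature: equivalent to Count=1.
    for (ts, src), rate, instant in zip(EVENTS, evaluate(EVENTS, 3, 10),
                                        evaluate(EVENTS, 1, 10)):
        print(f"{ts:5.1f}s {src:13} rate-based={rate!s:5} instantaneous={instant}")
```

With Count=3 and Period=10, only the matches at 9.0 s and 29.5 s trigger the action, while an ordinary signature would act on every match.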